This site may earn affiliate commissions from the links on this page. Terms of use.

Should you think twice about posting that photo to Facebook? According to a new report from The Washington Post, the National Security Agency (NSA) is tapping directly into the servers of nine U.S. Internet firms, including the popular social network.

Many of the firms named in report, however, deny that government has access to their networks.

The Postpublished slides from a presentation that covers a program known as PRISM, which reportedly collects data from Microsoft, Google, Yahoo, Facebook, PalTalk, YouTube, Skype, AOL, and Apple. An unnamed "career intelligence officer" provided the information to the paper to shed a light on what this person considered to be a serious invasion of privacy. "They quite literally can watch your ideas form as you type," the officer told the Post.

The program dates back to 2007, with Microsoft being the first company profiled via PRISM, another slide says. PRISM collection from reportedly began in Oct. 2012. All the companies "participate knowingly" in PRISM, the Post reported (Ed. Note: see below).

But Google, Facebook, Microsoft, and Yahoo denied providing direct access to the NSA.

"Google cares deeply about the security of our users' data. We disclose user data to government in accordance with the law, and we review all such requests carefully," a Google spokeswoman said in a statement to PCMag. "From time to time, people allege that we have created a government 'back door' into our systems, but Google does not have a 'back door' for the government to access private user data."

"Protecting the privacy of our users and their data is a top priority for Facebook," the company's chief security officer, Joe Sullivan, said in a statement. "We do not provide any government organization with direct access to Facebook servers. When Facebook is asked for data or information about specific individuals, we carefully scrutinize any such request for compliance with all applicable laws, and provide information only to the extent required by law."

A Microsoft spokeswoman, meanwhile, said "we provide customer data only when we receive a legally binding order or subpoena to do so, and never on a voluntary basis. In addition we only ever comply with orders for requests about specific accounts or identifiers. If the government has a broader voluntary national security program to gather customer data we don't participate in it."

"Yahoo takes users' privacy very seriously. We do not provide the government with direct access to our servers, systems, or network," a Yahoo spokeswoman said.

"We have not heard of PRISM," a Paltalk spokesman said. "Paltalk exercises extreme care to protect and secure users' data, only responding to court orders as required to by law. Paltalk does not provide any government agency with direct access to its servers."

AOL also said it does "not have any knowledge of the Prism program. We do not disclose user information to government agencies without a court order, subpoena or formal legal process, nor do we provide any government agency with access to our servers."

Apple did not immediately respond to a request for comment, but in a statement to CNBC, Apple said "We have never heard of PRISM. We do not provide any government agency with direct access to our servers."

The Post acknowledged that the PRISM "is not a dragnet," though "the NSA is capable of pulling out anything it likes."

"To collect on a suspected spy or foreign terrorist means, at minimum, that everyone in the suspect's inbox or outbox is swept in," the paper said.

Companies are obliged to comply with secret orders from the Foreign Surveillance Intelligence Court. Last night, it was revealed that a FISA court order called on Verizon to hand over to the NSA customer phone records for a three-month period beginning in April.

UPDATE: As Forbes noted on Friday, the Post story was updated several times after it was first published. The line that said companies "participate knowingly," for example, was later changed to say that the technology companies' "cooperation is essential to PRISM operations."

The New York Times, meanwhile, published a story on Friday evening that said the NSA does not have direct access to company servers. Instead, some of these companies have agreed to set up lock boxes of sorts ("separate, secure portals," the Times said) where they drop data that they are required by law to turn over. Technically, those lock boxes are sometimes located on company servers, validating a portion of the Post's PRISM story, but it does not appear that the NSA can just explore the entirety of Facebook or Google's servers at its own discretion.

"The data shared in these ways, the people said, is shared after company lawyers have reviewed the FISA request according to company practice," the Times wrote. "It is not sent automatically or in bulk, and the government does not have full access to company servers. Instead, they said, it is a more secure and efficient way to hand over the data."

For more, see what President Obama had to say about the controversy earlier today.

Editor's Note: This story was updated Friday with comment from Paltalk and AOL.

Chloe Albanesius has been with PCMag.com since April 2007, most recently as Executive Editor for News and Features. Prior to that, she worked for a year covering financial IT on Wall Street for Incisive Media. From 2002 to 2005, Chloe covered technology policy for The National Journal's Technology Daily in Washington, DC. She has held internships at NBC's Meet the Press, washingtonpost.com, the Tate Gallery press office in London, Roll Call, and Congressional Quarterly. She graduated with a bachelor's degree in journalism from American University...
More »